More work on early system setup init containers

2025-04-22 10:03:57 -04:00
parent 1fa2fd3d95
commit 2f28459f9a
9 changed files with 167 additions and 17 deletions
--- a/src/api/cluster/system.rs
+++ b/src/api/cluster/system.rs
@@ -15,6 +15,7 @@ use proxmox_api::types::VmId;
 use proxmox_api::UreqError;
 use serde_json::json;
 use tokio::time::sleep;
+use gethostname::gethostname;
 use crate::api::cluster::carrier::{provision_carrier_unmanaged, terminate_carrier_unmanaged};
 use crate::api::cluster::node::migrate_node_unmanaged;
 use crate::api::cluster::volume::create_volume_unmanaged;
@@ -46,7 +47,9 @@ pub async fn ensure_system_disk(svc: &Services<'_>) -> Result<(), P5xError> {
    info!(target: "p5x", "Provisioning new P5x API system disk (this is a one-time fixup)...");

    // Load the labels for this pod's node
-    let pod_name = env::var("POD_NAME").expect("Could not determine POD_NAME from environment!");
+    let pod_name = env::var("POD_NAME")
+        .or_else(|_| gethostname().into_string())
+        .expect("Could not determine pod name from environment");
    let pods: Api<Pod> = Api::namespaced(client.clone(), &namespace);
    let pod = pods.get(&pod_name).await.map_err(P5xError::KubeError)?;

@@ -72,7 +75,7 @@ pub async fn ensure_system_disk(svc: &Services<'_>) -> Result<(), P5xError> {
        5 * 1024 * 1024 * 1024,
        pve_host,
        pve_id,
-        "p5x-api-system-disk"
+        "system-data"
    ).await?;

    // Add it to the dynamic-kv config and save
@@ -96,6 +99,7 @@ pub async fn migrate_system_disk_if_necessary(svc: &Services<'_>) -> Result<(),
    // Load the dynamic-kv and get the current host/mount
    let client = Client::try_default().await.map_err(P5xError::KubeError)?;
    let namespace = fs::read_to_string("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+        .or_else(|_| env::var("P5X_OVERRIDE_NS"))
        .unwrap_or_else(|_| "p5x-system".to_string());

    let maps: Api<ConfigMap> = Api::namespaced(client.clone(), &namespace);
@@ -107,7 +111,9 @@ pub async fn migrate_system_disk_if_necessary(svc: &Services<'_>) -> Result<(),
    let current_pve_id: i32 = data.get("api-pve-id").expect("Could not find api-pve-id in dynamic-kv config").parse().unwrap();

    // Load the labels for this pod's node
-    let pod_name = env::var("POD_NAME").expect("Could not determine POD_NAME from environment!");
+    let pod_name = env::var("POD_NAME")
+        .or_else(|_| gethostname().into_string())
+        .expect("Could not determine pod name from environment");
    let pods: Api<Pod> = Api::namespaced(client.clone(), &namespace);
    let pod = pods.get(&pod_name).await.map_err(P5xError::KubeError)?;

--- a/src/api/db/migrations/mod.rs
+++ b/src/api/db/migrations/mod.rs
@@ -1,6 +1,7 @@
 use async_trait::async_trait;
 use rocket::{fairing, Build, Rocket};
 use rocket::fairing::AdHoc;
+use sea_orm::DatabaseConnection;
 pub use sea_orm_migration::prelude::*;
 use sea_orm_rocket::Database;
 use crate::api::Db;
@@ -30,6 +31,10 @@ async fn run_migrations(rocket: Rocket<Build>) -> fairing::Result {
    Ok(rocket)
 }

+pub async fn run_migrations_unmanaged(conn: &DatabaseConnection) -> Result<(), DbErr> {
+    Migrator::up(conn, None).await
+}
+
 pub(super) fn init() -> AdHoc {
    AdHoc::try_on_ignite("Applying migrations", run_migrations)
 }
--- a/src/api/db/mod.rs
+++ b/src/api/db/mod.rs
@@ -1,4 +1,4 @@
-mod migrations;
+pub mod migrations;

 use std::time::Duration;
 use rocket::figment::Figment;
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -1,6 +1,6 @@
 use rocket::fairing::AdHoc;

-mod db;
+pub mod db;
 mod route;
 pub mod util;
 pub mod cluster;
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,12 +2,13 @@ pub mod api;
 #[macro_use] extern crate rocket;
 use dotenv::dotenv;
 use rocket::{Build, Rocket};
-use log::{error, info};
+use log::{error, info, debug};
 use std::{env, process};
 use sea_orm::Database;
 use crate::api::cluster::system::{ensure_ssh_keypair, ensure_system_disk, migrate_system_disk_if_necessary};
 use crate::api::services::Services;
 use crate::api::util::read_p5x_config;
+use crate::api::db::migrations::run_migrations_unmanaged;

 fn configure_rocket() -> Rocket<Build> {
    rocket::build()
@@ -27,22 +28,29 @@ async fn main() {
    }

    let mode = &args[1];
+    debug!(target: "p5x", "Running with mode: {mode}");
+
+    // Intentionally generate this before migrating/ensuring the system disk, since that requires
+    // Services, and Services requires the SSH keys to exist. The keys generated during the system
+    // disk ops will be overwritten when the disk is mounted.
+    ensure_ssh_keypair().expect("Could not ensure SSH keypair exists.");
+
    if mode == "ensure-system-disk" {
        let anon_db = Database::connect("sqlite::memory:").await.unwrap();
-        let svc = Services::build(&anon_db).await.unwrap();  // fixme: this is going to fail because of the SSH keys
+        run_migrations_unmanaged(&anon_db).await.unwrap();
+        let svc = Services::build(&anon_db).await.unwrap();
        ensure_system_disk(&svc).await.unwrap();
        return;
    }

    if mode == "migrate-system-disk" {
        let anon_db = Database::connect("sqlite::memory:").await.unwrap();
-        let svc = Services::build(&anon_db).await.unwrap();  // fixme: this is going to fail because of the SSH keys
+        run_migrations_unmanaged(&anon_db).await.unwrap();
+        let svc = Services::build(&anon_db).await.unwrap();
        migrate_system_disk_if_necessary(&svc).await.unwrap();
        return;
    }

-    ensure_ssh_keypair().expect("Could not ensure SSH keypair exists.");
-
    let config = read_p5x_config();  // Do this so we early-fail if there are missing env vars
    info!(target: "p5x", "Successfully read config from environment.");
    info!(target: "p5x", "Cluster host: {} ({})", config.pve_host_name, config.pve_api_host);